On Fri, Jul 17, 2015 at 06:48:31PM -0600, Theo de Raadt wrote:
> > my perspective is: absent clear knowledge of what programs are doing,
> > attempts to second guess them in a library function are perilous. let
> > us be standards compliant, and then at least any resulting holes are
> > clearly the program's fault.
>
> such programs always dereference the pointer.
>
> So I agree strongly with a NULL error, rather than something hacky like
> errno modification.

The only objection I can see is something stupid that does not check the error condition, derefs NULL, drops a core file in an insecure place, and therefore leaks information. To my mind this is a buggy program, combined with an insecure configuration, and we shouldn't be trying to save people from their own stupid and make it worse. NULL sounds right to me.